
nTimetools

Free

nTimetools is a suite of console tools developed to work with timestamps in Windows. It comprises 2 tools that allow both forensic analysts and red teamers to modify and verify file timestamps with up to 100-nanosecond precision. nTimeview allows forensic analysts to view the MACB timestamps of files on a live system. It uses the undocumented NtQueryInformationFile API, so it works on NTFS/FAT and even mapped drives, and it does not require privileged access. nTimestomp allows red teamers to timestomp the MACB timestamps of files with 100-nanosecond precision. Forensic analysts are usually taught to spot 0s in the millisecond position as evidence that timestomping has occurred.

ALTERNATIVES

Open Backup Extractor is an open source program for extracting data from iPhone and iPad backups.

Tool for parsing Android logs events and protobuf data

Analyse a forensic target to find and report files found and not found in hashlookup CIRCL public service.

Analyzing WiFiConfigStore.xml file for digital forensics on Android devices.

Automated collection tool for incident response triage in Windows systems.

Educational CTF-styled challenges for Memory Forensics.

TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.

A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.